ACME TLS ALPN

2018-07-03 12:44:04 +02:00 · 2018-07-03 12:44:04 +02:00 · 139f280f35
commit 139f280f35
parent 17ad5153b8
258 changed files with 25528 additions and 1516 deletions
--- a/vendor/github.com/xenolf/lego/providers/dns/cloudflare/cloudflare.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/cloudflare/cloudflare.go
@ -5,15 +5,15 @@ package cloudflare
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
-	"os"
-	"strings"
 	"time"

 	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/platform/config/env"
 )

 // CloudFlareAPIURL represents the API endpoint to call.
@ -24,47 +24,45 @@ const CloudFlareAPIURL = "https://api.cloudflare.com/client/v4"
 type DNSProvider struct {
 	authEmail string
 	authKey   string
+	client    *http.Client
 }

 // NewDNSProvider returns a DNSProvider instance configured for cloudflare.
 // Credentials must be passed in the environment variables: CLOUDFLARE_EMAIL
 // and CLOUDFLARE_API_KEY.
 func NewDNSProvider() (*DNSProvider, error) {
-	email := os.Getenv("CLOUDFLARE_EMAIL")
-	key := os.Getenv("CLOUDFLARE_API_KEY")
-	return NewDNSProviderCredentials(email, key)
+	values, err := env.Get("CLOUDFLARE_EMAIL", "CLOUDFLARE_API_KEY")
+	if err != nil {
+		return nil, fmt.Errorf("CloudFlare: %v", err)
+	}
+
+	return NewDNSProviderCredentials(values["CLOUDFLARE_EMAIL"], values["CLOUDFLARE_API_KEY"])
 }

 // NewDNSProviderCredentials uses the supplied credentials to return a
 // DNSProvider instance configured for cloudflare.
 func NewDNSProviderCredentials(email, key string) (*DNSProvider, error) {
 	if email == "" || key == "" {
-		missingEnvVars := []string{}
-		if email == "" {
-			missingEnvVars = append(missingEnvVars, "CLOUDFLARE_EMAIL")
-		}
-		if key == "" {
-			missingEnvVars = append(missingEnvVars, "CLOUDFLARE_API_KEY")
-		}
-		return nil, fmt.Errorf("CloudFlare credentials missing: %s", strings.Join(missingEnvVars, ","))
+		return nil, errors.New("CloudFlare: some credentials information are missing")
 	}

 	return &DNSProvider{
 		authEmail: email,
 		authKey:   key,
+		client:    &http.Client{Timeout: 30 * time.Second},
 	}, nil
 }

 // Timeout returns the timeout and interval to use when checking for DNS
 // propagation. Adjusting here to cope with spikes in propagation times.
-func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return 120 * time.Second, 2 * time.Second
 }

 // Present creates a TXT record to fulfil the dns-01 challenge
-func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
-	zoneID, err := c.getHostedZoneID(fqdn)
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	zoneID, err := d.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
 	}
@ -73,7 +71,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
 		Type:    "TXT",
 		Name:    acme.UnFqdn(fqdn),
 		Content: value,
-		TTL:     120,
+		TTL:     ttl,
 	}

 	body, err := json.Marshal(rec)
@ -81,24 +79,24 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
 		return err
 	}

-	_, err = c.makeRequest("POST", fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body))
+	_, err = d.doRequest(http.MethodPost, fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body))
 	return err
 }

 // CleanUp removes the TXT record matching the specified parameters
-func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)

-	record, err := c.findTxtRecord(fqdn)
+	record, err := d.findTxtRecord(fqdn)
 	if err != nil {
 		return err
 	}

-	_, err = c.makeRequest("DELETE", fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil)
+	_, err = d.doRequest(http.MethodDelete, fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil)
 	return err
 }

-func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
+func (d *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 	// HostedZone represents a CloudFlare DNS zone
 	type HostedZone struct {
 		ID   string `json:"id"`
@ -110,7 +108,7 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 		return "", err
 	}

-	result, err := c.makeRequest("GET", "/zones?name="+acme.UnFqdn(authZone), nil)
+	result, err := d.doRequest(http.MethodGet, "/zones?name="+acme.UnFqdn(authZone), nil)
 	if err != nil {
 		return "", err
 	}
@ -122,20 +120,20 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 	}

 	if len(hostedZone) != 1 {
-		return "", fmt.Errorf("Zone %s not found in CloudFlare for domain %s", authZone, fqdn)
+		return "", fmt.Errorf("zone %s not found in CloudFlare for domain %s", authZone, fqdn)
 	}

 	return hostedZone[0].ID, nil
 }

-func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
-	zoneID, err := c.getHostedZoneID(fqdn)
+func (d *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
+	zoneID, err := d.getHostedZoneID(fqdn)
 	if err != nil {
 		return nil, err
 	}

-	result, err := c.makeRequest(
-		"GET",
+	result, err := d.doRequest(
+		http.MethodGet,
 		fmt.Sprintf("/zones/%s/dns_records?per_page=1000&type=TXT&name=%s", zoneID, acme.UnFqdn(fqdn)),
 		nil,
 	)
@ -158,33 +156,18 @@ func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
 	return nil, fmt.Errorf("no existing record found for %s", fqdn)
 }

-func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
-	// APIError contains error details for failed requests
-	type APIError struct {
-		Code       int        `json:"code,omitempty"`
-		Message    string     `json:"message,omitempty"`
-		ErrorChain []APIError `json:"error_chain,omitempty"`
-	}
-
-	// APIResponse represents a response from CloudFlare API
-	type APIResponse struct {
-		Success bool            `json:"success"`
-		Errors  []*APIError     `json:"errors"`
-		Result  json.RawMessage `json:"result"`
-	}
-
+func (d *DNSProvider) doRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
 	req, err := http.NewRequest(method, fmt.Sprintf("%s%s", CloudFlareAPIURL, uri), body)
 	if err != nil {
 		return nil, err
 	}

-	req.Header.Set("X-Auth-Email", c.authEmail)
-	req.Header.Set("X-Auth-Key", c.authKey)
+	req.Header.Set("X-Auth-Email", d.authEmail)
+	req.Header.Set("X-Auth-Key", d.authKey)

-	client := http.Client{Timeout: 30 * time.Second}
-	resp, err := client.Do(req)
+	resp, err := d.client.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("Error querying Cloudflare API -> %v", err)
+		return nil, fmt.Errorf("error querying Cloudflare API -> %v", err)
 	}

 	defer resp.Body.Close()
@ -216,6 +199,20 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawM
 	return r.Result, nil
 }

+// APIError contains error details for failed requests
+type APIError struct {
+	Code       int        `json:"code,omitempty"`
+	Message    string     `json:"message,omitempty"`
+	ErrorChain []APIError `json:"error_chain,omitempty"`
+}
+
+// APIResponse represents a response from CloudFlare API
+type APIResponse struct {
+	Success bool            `json:"success"`
+	Errors  []*APIError     `json:"errors"`
+	Result  json.RawMessage `json:"result"`
+}
+
 // cloudFlareRecord represents a CloudFlare DNS record
 type cloudFlareRecord struct {
 	Name    string `json:"name"`